|
61 | 61 | import java.util.List; |
62 | 62 | import java.util.NoSuchElementException; |
63 | 63 | import java.util.TreeSet; |
| 64 | +import java.util.logging.Level; |
| 65 | +import java.util.logging.Logger; |
64 | 66 |
|
65 | 67 | /** |
66 | 68 | * Interface for checking if a hostname matches the names stored inside the |
@@ -221,6 +223,8 @@ public final void check(final String[] host, final String[] cns, |
221 | 223 | }; |
222 | 224 |
|
223 | 225 | abstract class AbstractChecker implements HostnameChecker { |
| 226 | + private final Logger logger = Logger.getLogger(getClass().getName()); |
| 227 | + |
224 | 228 | public static String[] getCNs(X509Certificate cert) { |
225 | 229 | try { |
226 | 230 | final String subjectPrincipal = cert.getSubjectX500Principal().getName(X500Principal.RFC2253); |
@@ -406,10 +410,19 @@ is presenting (e.g. edit "/etc/apache2/server.crt" |
406 | 410 | check(host, x509); |
407 | 411 | } |
408 | 412 |
|
| 413 | + private String commaJoin(String [] input) { |
| 414 | + if ( input == null ) return ""; |
| 415 | + return String.join(",", Arrays.asList(input)); |
| 416 | + } |
| 417 | + |
409 | 418 | public void check(String[] host, X509Certificate cert) |
410 | 419 | throws SSLException { |
411 | 420 | String[] cns = AbstractChecker.getCNs(cert); |
412 | 421 | String[] subjectAlts = AbstractChecker.getDNSSubjectAlts(cert); |
| 422 | + logger.log(Level.INFO, |
| 423 | + "attempting to verify SSL identity '" + commaJoin(host) + "' " + |
| 424 | + "against cns: [" + commaJoin(cns) + "], " + |
| 425 | + "subject-alts: [" + commaJoin(subjectAlts) + "]"); |
413 | 426 | check(host, cns, subjectAlts); |
414 | 427 | } |
415 | 428 |
|
|
0 commit comments